Integer Overflow to Buffer Overflow

Draft Compound
Structure: Chain
Description

The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.

Common Consequences 1
Scope: Integrity, Availability, Confidentiality

Impact: Modify Memory; DoS: Crash, Exit, or Restart; Execute Unauthorized Code or Commands

Demonstrative Examples 1

ID: DX-33

The following image processing code allocates a table for images.

Code Example:

Bad
C
This code intends to allocate a table of size num_imgs. However, as num_imgs grows large, the calculation determining the size of the list will eventually overflow (Integer Overflow or Wraparound), and a very small list will be allocated instead. If the subsequent code operates on the list as if it were num_imgs long, it may result in many types of out-of-bounds problems (Improper Restriction of Operations within the Bounds of a Memory Buffer).

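The size calculation described above, shown as a wrapping multiplication beside a checked one. This is an added example, not the code from the original entry. The img_t type, its 10 KB size, the 32-bit size arithmetic in the weak form, and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed record type: 10 KB per image (illustrative size). */
typedef struct { unsigned char data[10240]; } img_t;

/* Weak form: size computed in 32 bits, so the product wraps modulo 2^32. */
uint32_t table_bytes_wrapping(uint32_t num_imgs) {
    return (uint32_t)sizeof(img_t) * num_imgs;
}

/* Hardened form: reject counts whose byte size cannot be represented. */
int table_bytes_checked(size_t num_imgs, size_t *out) {
    if (num_imgs == 0 || num_imgs > SIZE_MAX / sizeof(img_t))
        return -1;
    *out = num_imgs * sizeof(img_t);
    return 0;
}

/* Allocate only after the size check passes; callers must handle NULL. */
img_t *alloc_table(size_t num_imgs) {
    size_t bytes;
    if (table_bytes_checked(num_imgs, &bytes) != 0)
        return NULL;
    return malloc(bytes);
}

int main(void) {
    uint32_t n = 419431; /* constructed value: 10240 * n just exceeds 2^32 */
    printf("wrapped size for %u images: %u bytes\n",
           (unsigned)n, (unsigned)table_bytes_wrapping(n));
    img_t *t = alloc_table(4);
    printf("checked alloc of 4 images: %s\n", t ? "ok" : "refused");
    free(t);
    printf("checked alloc of SIZE_MAX images: %s\n",
           alloc_table(SIZE_MAX) ? "ok" : "refused");
    return 0;
}
```

With the constructed count of 419431, the 32-bit product is 6144 bytes, less than the size of a single record, while the checked path refuses any count whose byte size does not fit in size_t.
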
Observed Examples 2
CVE-2021-43537: Chain: in a web browser, an unsigned 64-bit integer is forcibly cast to a 32-bit integer (Incorrect Conversion between Numeric Types), potentially leading to an integer overflow (Integer Overflow or Wraparound). If an integer overflow occurs, this can cause heap memory corruption (Heap-based Buffer Overflow).

CVE-2017-1000121: Chain: unchecked message size metadata allows integer overflow (Integer Overflow or Wraparound) leading to buffer overflow (Improper Restriction of Operations within the Bounds of a Memory Buffer).